Language Selection

English French German Italian Portuguese Spanish

Unpatched Firefox flaw may expose users

Filed under
Moz/FF
Security

A new, unpatched flaw in that affects all versions of Firefox could let attackers surreptitiously run malicious code on users' PCs, a security researcher has warned.

The problem lies in the way Firefox handles Web links that are overly long and contain dashes, security researcher Tom Ferris said in an interview via instant messaging late Thursday.

He posted an advisory and a proof of concept to the Full Disclosure security mailing list and to his Security Protocols Web site.

The security vulnerability is a buffer overflow flaw that "allows for an attacker to remotely execute arbitrary code" on a vulnerable PC, Ferris said. An attacker could host a Web site containing the malicious code to exploit the flaw, he said. Though his proof of concept only crashes Firefox, Ferris claims he has been able to tweak it to run code.

Severity:
Critical

Vendor:
Mozilla

Versions Affected:
Firefox Win32 1.0.6 and prior
Firefox Linux 1.0.6 and prior
Firefox 1.5 Beta 1 (Deer Park Alpha 2)

Full Story.

More in Tux Machines

New Ubuntu Phone Separates the App from the Data

As CIO Journal has noted, Mr. Shuttleworth envisions the rise of an Ubuntu-powered phone that runs desktop grade applications and plugs into peripherals such as large displays and keyboards. In other words, he is working to achieve true mobile-desktop-laptop convergence — the only computer you need, in your pocket, all the time. He tried to raise $32 million to fund development of such a phone, known as the Edge, in a widely publicized crowdfunding campaign on Indiegogo. The campaign ended in 2013, short of its goal. Read more

Korora 21

My install went quite well, I had no problems and the install itself was relatively speedy. Bear in mind, however, that I have used the Anaconda installer often in the past. So I’m quite familiar with how it is laid out and what it has to offer. Use the Fedora install guide for Anaconda I linked to above if you’re new to it as it might save you some time when installing Korora 21. Read more

How to run Linux and Chrome OS on your Chromebook

Chromebooks are pretty darn handy. Even some hardcore Windows users now acknowledge that a Chromebook might be just what you need for work. But, as great as Chromebooks are, and as much progress as Google has made in getting "Web-only" apps such as Google Docs to work offline, there are still times that you want an application that's only available off-line such as the LibreOffice office suite or the GIMP photo editor. For those times, it's darn handy to be able to run a Linux desktop on a Chromebook. Read more

Developing Linux Is Essential To Intel's Success

The dominant position of Intel in the server processor market is likely helped by the company's consistent strong support for Linux. Based on the W3Techs chart below, Linux is almost as popular as Windows-based servers are. Read more